In certain circumstances the stack protection feature can be rendered ineffective, leaving the protected function vulnerable to stack-based buffer overflows.

CVE
CVE-2020-24658
Date
24th December 2020
Affects
Arm Compiler 5.01 to 5.06u6 inclusive, if code is compiled with the options:
armcc --protect_stack, or --protect_stack_all.
Impact
An undetected stack overflow can lead to a function return address being overwritten, potentially causing a crash or hang or allowing an attacker to gain control over program execution.

Resolution

This issue is fixed in Arm Compiler 5.06u7. Users are recommended to upgrade if they are impacted by this issue.
Credit
Thanks to Nico Golde of Apple for reporting this vulnerability.